Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

createRole() expression syntax

0 views
Skip to first unread message

"ziad_kurdi"_ziad.m.kurdi.gsk.com

unread,
Jun 12, 2002, 1:06:06 PM6/12/02
to

Is there documentation on the syntax for expressing policies to the RoleEditorMBean.createRole(String
resource, String role, string expression) method?

I am trying to programmatically migrate pre WL70 acls and map them to roles using
the Dafault Role Mapper. I tried the syntax generated on the console (configure
role), but I get the exception: admin : SubjectLandAdmin weblogic.entitlement.data.EnCreateException:
Unknown word for 'Caller is member of group SubjectLandAdmin' at position:0

Start server side stack trace:
weblogic.entitlement.data.EnCreateException: Unknown word for 'Caller is member of
group SubjectLand
Admin' at position:0
at weblogic.entitlement.engine.EEngine.createRoles(EEngine.java:414)
at weblogic.security.providers.authorization.DefaultRoleMapperImpl.createRole(DefaultRoleMap
perImpl.java:118)
at java.lang.reflect.Method.invoke(Native Method)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:1287)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:920)

at weblogic.management.internal.RemoteMBeanServerImpl_WLSkel.invoke(Unknown
Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:346)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:300)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:762)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:295)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:30)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:152)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:133)
End server side stack trace


Any help and advice is much appreciated. Ziad--

Neil Smithline

unread,
Jun 12, 2002, 2:02:17 PM6/12/02
to
Unfortunately, due to timing constraints we could not get this syntax to
a state that we were comfortably making it public. We are trying to
address this in a future release.

- Neil

Ziad

unread,
Jun 12, 2002, 2:41:22 PM6/12/02
to

I grabbed the policy expression from several roles and tried to immitate it. I came
up with:

Grp(name) or {Usr(name)}
{Grp(name)}
{Grp(name1)|Grp(name2)}
usr(name) or {usr(name)}
combinations of the above

Is that about right?

Neil Smithline

unread,
Jun 12, 2002, 11:54:59 PM6/12/02
to
I feel uncomfortable providing support on an unsupported feature. BEA
provides no guarantees about the functionality, correctness,
appropriateness, nor forward compatibility of any unsupported features.

That being said, what you have looks basically correct although it is
subject to change at any time without notice.

- Neil

0 new messages